Senior Staff Product Security Engineer | Secure Configuration

About The Position

Requirements

• 12+ Years of experience in product security with deep knowledge of security best practices.
• In-depth knowledge of common web application vulnerabilities (OWASP Top Ten) and knowledge of common application security control evaluation frameworks (OWASP ASVS) recommended.
• Strong verbal communication skills with an emphasis on application remediation processes.
• Ability to translate technical findings into actionable guidance.
• Collaborative mindset to work with product and customer-facing teams.
• Developer level proficiency in at least one language - Python, Java, or JavaScript preferred.

Nice To Haves

• Familiarity with ServiceNow architecture is a plus.
• Knowledge of common compliance frameworks (e.g. FedRAMP, NIST 800-53, ISO 27001) preferred.
• Would like to see BS/MS in Computer Science, Engineering, or a related discipline.

Responsibilities

• Participate in instance hardening management activities, including reviewing new product settings to build security recommendations and documenting these settings to ensure ServiceNow instance owners can ensure highest level of security of their instances.
• Maintain the set of hardening settings to ensure their relevance and accuracy.
• Perform security audits to discover, communicate, and recommend remediation activities for vulnerabilities.
• Contribute to the deprecation of security-impactful feature flags and support customer migration efforts to maintain a secure posture.
• Partner with Product Management to improve workflows that enable customers to adopt secure configurations more easily.

Benefits

• Base pay of $197,800 to $346,200, plus equity (when applicable), variable/incentive compensation and benefits.
• Health plans, including flexible spending accounts.
• 401(k) Plan with company match.
• Employee Stock Purchase Plan (ESPP).
• Matching donations.
• Flexible time away plan and family leave programs.